@elliemae/microfe-common 2.23.6 → 2.23.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cjs/remoting.js
CHANGED
|
@@ -66,17 +66,21 @@ class Remoting {
|
|
|
66
66
|
* The set of windows that are allowed to send messages to this window
|
|
67
67
|
*/
|
|
68
68
|
#allowedSenders = /* @__PURE__ */ new Map();
|
|
69
|
+
#disableOriginCheck;
|
|
69
70
|
/**
|
|
70
71
|
* Create a new instance of the Remoting class
|
|
71
72
|
* @param logger pui-diagnostic logger
|
|
72
73
|
* @param correlationId unique id for the current session
|
|
74
|
+
* @param options optional configuration
|
|
73
75
|
*/
|
|
74
|
-
constructor(logger, correlationId) {
|
|
76
|
+
constructor(logger, correlationId, options) {
|
|
75
77
|
if (!logger) throw new Error("logger is required");
|
|
76
78
|
if (!correlationId) throw new Error("correlationId is required");
|
|
77
79
|
this.#correlationId = correlationId;
|
|
78
80
|
this.#logger = logger;
|
|
81
|
+
this.#disableOriginCheck = options?.unsafeAllowAnyGuestOrigin ?? false;
|
|
79
82
|
}
|
|
83
|
+
#getTargetOrigin = (targetOrigin) => this.#disableOriginCheck ? "*" : targetOrigin;
|
|
80
84
|
// Evaluates the timeouts on any waiting invocations and schedules the next check
|
|
81
85
|
#evaluateTimeouts = () => {
|
|
82
86
|
this.#timeoutMonitorHandle = null;
|
|
@@ -259,7 +263,7 @@ class Remoting {
|
|
|
259
263
|
reject,
|
|
260
264
|
cancelTime: responseTimeoutMs ? Date.now() + responseTimeoutMs : null
|
|
261
265
|
});
|
|
262
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
266
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
263
267
|
const { requestId } = msg;
|
|
264
268
|
this.#logger.debug(
|
|
265
269
|
`Posted invocation message of type ${messageType} requestId: ${requestId || ""}`
|
|
@@ -306,7 +310,7 @@ class Remoting {
|
|
|
306
310
|
messageBody,
|
|
307
311
|
onewayMsg: true
|
|
308
312
|
});
|
|
309
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
313
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
310
314
|
this.#logger.debug(`Posted one-way message of type "${messageType}"`);
|
|
311
315
|
};
|
|
312
316
|
/**
|
|
@@ -328,7 +332,7 @@ class Remoting {
|
|
|
328
332
|
messageBody: response,
|
|
329
333
|
requestId
|
|
330
334
|
});
|
|
331
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
335
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
332
336
|
this.#logger.debug(
|
|
333
337
|
`Response sent to caller for invocation requestId: ${requestId}`
|
|
334
338
|
);
|
|
@@ -345,7 +349,7 @@ class Remoting {
|
|
|
345
349
|
messageBody,
|
|
346
350
|
requestId
|
|
347
351
|
});
|
|
348
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
352
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
349
353
|
this.#logger.debug(
|
|
350
354
|
`Exception sent to caller for invocation. requestId: ${requestId}`
|
|
351
355
|
);
|
package/dist/esm/remoting.js
CHANGED
|
@@ -42,17 +42,21 @@ class Remoting {
|
|
|
42
42
|
* The set of windows that are allowed to send messages to this window
|
|
43
43
|
*/
|
|
44
44
|
#allowedSenders = /* @__PURE__ */ new Map();
|
|
45
|
+
#disableOriginCheck;
|
|
45
46
|
/**
|
|
46
47
|
* Create a new instance of the Remoting class
|
|
47
48
|
* @param logger pui-diagnostic logger
|
|
48
49
|
* @param correlationId unique id for the current session
|
|
50
|
+
* @param options optional configuration
|
|
49
51
|
*/
|
|
50
|
-
constructor(logger, correlationId) {
|
|
52
|
+
constructor(logger, correlationId, options) {
|
|
51
53
|
if (!logger) throw new Error("logger is required");
|
|
52
54
|
if (!correlationId) throw new Error("correlationId is required");
|
|
53
55
|
this.#correlationId = correlationId;
|
|
54
56
|
this.#logger = logger;
|
|
57
|
+
this.#disableOriginCheck = options?.unsafeAllowAnyGuestOrigin ?? false;
|
|
55
58
|
}
|
|
59
|
+
#getTargetOrigin = (targetOrigin) => this.#disableOriginCheck ? "*" : targetOrigin;
|
|
56
60
|
// Evaluates the timeouts on any waiting invocations and schedules the next check
|
|
57
61
|
#evaluateTimeouts = () => {
|
|
58
62
|
this.#timeoutMonitorHandle = null;
|
|
@@ -235,7 +239,7 @@ class Remoting {
|
|
|
235
239
|
reject,
|
|
236
240
|
cancelTime: responseTimeoutMs ? Date.now() + responseTimeoutMs : null
|
|
237
241
|
});
|
|
238
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
242
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
239
243
|
const { requestId } = msg;
|
|
240
244
|
this.#logger.debug(
|
|
241
245
|
`Posted invocation message of type ${messageType} requestId: ${requestId || ""}`
|
|
@@ -282,7 +286,7 @@ class Remoting {
|
|
|
282
286
|
messageBody,
|
|
283
287
|
onewayMsg: true
|
|
284
288
|
});
|
|
285
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
289
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
286
290
|
this.#logger.debug(`Posted one-way message of type "${messageType}"`);
|
|
287
291
|
};
|
|
288
292
|
/**
|
|
@@ -304,7 +308,7 @@ class Remoting {
|
|
|
304
308
|
messageBody: response,
|
|
305
309
|
requestId
|
|
306
310
|
});
|
|
307
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
311
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
308
312
|
this.#logger.debug(
|
|
309
313
|
`Response sent to caller for invocation requestId: ${requestId}`
|
|
310
314
|
);
|
|
@@ -321,7 +325,7 @@ class Remoting {
|
|
|
321
325
|
messageBody,
|
|
322
326
|
requestId
|
|
323
327
|
});
|
|
324
|
-
targetWin.postMessage(msg, targetOrigin);
|
|
328
|
+
targetWin.postMessage(msg, this.#getTargetOrigin(targetOrigin));
|
|
325
329
|
this.#logger.debug(
|
|
326
330
|
`Exception sent to caller for invocation. requestId: ${requestId}`
|
|
327
331
|
);
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { Remoting, sendMessage } from './remoting.js';
|
|
2
|
-
export type { ListenerCallback, ListenerCallbackParams, ListenParam, InvokeParam, RaiseExceptionParam, RespondParam, SendParam, AddSenderParam, } from './remoting.js';
|
|
2
|
+
export type { ListenerCallback, ListenerCallbackParams, ListenParam, InvokeParam, RaiseExceptionParam, RemotingOptions, RespondParam, SendParam, AddSenderParam, } from './remoting.js';
|
|
3
3
|
export type { RemotingEventMessage } from './remotingEventMessage.js';
|
|
4
4
|
export { getEventId, ProxyEvent } from './event.js';
|
|
5
5
|
export type { IScriptingObjectProxyEvent, EventParam, DispatchEventParam, EventOptions, SubscribeParam, UnsubscribeParam, IEventManager, FilterCriteria, FilterOperator, } from './event.js';
|
|
@@ -171,14 +171,24 @@ export type AddSenderParam = {
|
|
|
171
171
|
/**
|
|
172
172
|
* Provides core messaging capabilities for cross-frame interactions in a sandboxed environment.
|
|
173
173
|
*/
|
|
174
|
+
export type RemotingOptions = {
|
|
175
|
+
/**
|
|
176
|
+
* **UNSAFE**: When true, uses '*' as the targetOrigin for all outbound postMessage calls,
|
|
177
|
+
* bypassing the browser's origin check on the receiving window. This means any window
|
|
178
|
+
* can receive messages intended for the guest, potentially exposing sensitive data.
|
|
179
|
+
* Only enable this if you fully understand the security implications.
|
|
180
|
+
*/
|
|
181
|
+
unsafeAllowAnyGuestOrigin?: boolean;
|
|
182
|
+
};
|
|
174
183
|
export declare class Remoting {
|
|
175
184
|
#private;
|
|
176
185
|
/**
|
|
177
186
|
* Create a new instance of the Remoting class
|
|
178
187
|
* @param logger pui-diagnostic logger
|
|
179
188
|
* @param correlationId unique id for the current session
|
|
189
|
+
* @param options optional configuration
|
|
180
190
|
*/
|
|
181
|
-
constructor(logger: Logger, correlationId: string);
|
|
191
|
+
constructor(logger: Logger, correlationId: string, options?: RemotingOptions);
|
|
182
192
|
/**
|
|
183
193
|
* Adds window and its origin list of allowed senders
|
|
184
194
|
* @param {AddSenderParam} param - The sender to add
|